# IAC-Ansible Makefile
# Usage: make <target> [LIMIT=<pattern>] [TAGS=<tags>] [LABEL=<label>] [ENV=<environment>]
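# Run every recipe under bash.
SHELL := /bin/bash

# Target environment; selects inventory/<ENV>/. The default is production, so
# a bare `make deploy` acts on the production inventory. ENV is interpolated
# unquoted into paths, so it has to be a plain directory name.
ENV ?= production
INVENTORY := inventory/$(ENV)/hosts.yml

# shell_quote: wrap $(1) in single quotes for the shell and escape embedded
# single quotes. LIMIT, TAGS and LABEL come from the make command line or the
# environment; inside double quotes the shell would still expand $(...),
# backticks and a stray " in them, so a value could run a command on the
# control node (relevant when a CI job forwards these from a parameter).
shell_quote = '$(subst ','\'',$(1))'

# Optional narrowing arguments; each expands to nothing when its variable is unset.
LIMIT_ARG := $(if $(LIMIT),--limit $(call shell_quote,$(LIMIT)),)
TAGS_ARG := $(if $(TAGS),--tags $(call shell_quote,$(TAGS)),)
# NOTE(review): ansible splits a -e string into key=value pairs, so a LABEL
# containing whitespace would presumably set further variables -- confirm and
# keep LABEL to a single token.
LABEL_ARG := $(if $(LABEL),-e $(call shell_quote,filter_label=$(LABEL)),)
EXTRA_ARGS := $(LIMIT_ARG) $(TAGS_ARG) $(LABEL_ARG)

.PHONY: help setup deploy update reboot ping facts lint check push cleanup \
	vault-edit vault-create vault-view vault-rekey \
	validate syntax graph hosts k0s k0s-status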
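# Prints usage, the option list, every target that carries a `## ` description,
# and a few example invocations. The target pattern accepts digits so that
# k0s and k0s-status are listed too; grep -h keeps file names out of the
# output when more than one makefile is in MAKEFILE_LIST.
help: ## Show this help
	@echo "IAC-Ansible - Infrastructure as Code"
	@echo ""
	@echo "Usage: make <target> [OPTIONS]"
	@echo ""
	@echo "Options:"
	@echo " LIMIT=<pattern> Filter hosts (supports wildcards: *.bauer-group.com)"
	@echo " TAGS=<tags> Run only specific tags"
	@echo " LABEL=<label> Filter by host label"
	@echo " ENV=<env> Environment (default: production)"
	@echo ""
	@echo "Targets:"
	@grep -hE '^[a-zA-Z0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | \
		awk 'BEGIN {FS = ":.*?## "}; {printf " \033[36m%-20s\033[0m %s\n", $$1, $$2}'
	@echo ""
	@echo "Examples:"
	@echo " make deploy # Deploy to all servers"
	@echo " make deploy LIMIT=0046-20.cloud.bauer-group.com"
	@echo " make deploy LIMIT='*.bauer-group.com'"
	@echo " make update LIMIT='192.168.1.*'"
	@echo " make deploy LABEL=webserver"
	@echo " make check # Dry-run mode"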
# Installs whatever requirements.yml lists through ansible-galaxy; --force
# reinstalls over content that is already present.
# NOTE(review): requirements.yml is not visible here -- confirm every entry
# pins a version, otherwise a forced reinstall can pull a newer upstream
# release that nobody reviewed.
setup: ## Initial setup - install requirements
	ansible-galaxy install \
		-r requirements.yml \
		--force
	@echo "Setup complete."
# Runs playbooks/site.yml against the selected inventory. When LIMIT, TAGS and
# LABEL are all unset this Makefile adds no narrowing, and ENV defaults to
# production, so a bare `make deploy` is a full production run.
deploy: ## Run full deployment (site.yml)
	ansible-playbook \
		-i $(INVENTORY) \
		playbooks/site.yml \
		$(EXTRA_ARGS)
# Runs playbooks/site.yml restricted to the k0s tag.
# NOTE(review): a TAGS value adds a second --tags option after this one --
# confirm how ansible-playbook combines the two before relying on it.
k0s: ## Apply k0s role only (Phase 7)
	ansible-playbook \
		-i $(INVENTORY) \
		playbooks/site.yml \
		--tags k0s \
		$(EXTRA_ARGS)
# Ad-hoc call against the k0s_cluster group: runs the fixed command
# "/usr/local/bin/k0s status" with privilege escalation (--become). The command
# string contains no operator-supplied value; only LIMIT narrows the hosts.
k0s-status: ## Show k0s status on cluster nodes (LIMIT optional)
	ansible -i $(INVENTORY) k0s_cluster \
		-m ansible.builtin.command \
		-a "/usr/local/bin/k0s status" \
		--become \
		$(LIMIT_ARG)
# Runs playbooks/update.yml; host and tag narrowing comes only from
# LIMIT/TAGS/LABEL, and ENV defaults to production.
update: ## Run system updates only
	ansible-playbook \
		-i $(INVENTORY) \
		playbooks/update.yml \
		$(EXTRA_ARGS)
# Runs playbooks/maintenance/reboot.yml. LIMIT is not required by this target,
# so without it host selection is left entirely to the playbook and inventory.
# NOTE(review): the playbook is not visible here -- confirm it staggers
# reboots before running this without LIMIT.
reboot: ## Controlled reboot
	ansible-playbook \
		-i $(INVENTORY) \
		playbooks/maintenance/reboot.yml \
		$(EXTRA_ARGS)
# Runs playbooks/maintenance/cleanup.yml with the optional LIMIT/TAGS/LABEL
# narrowing; what the playbook removes is defined there, not in this file.
cleanup: ## Run cleanup tasks
	ansible-playbook \
		-i $(INVENTORY) \
		playbooks/maintenance/cleanup.yml \
		$(EXTRA_ARGS)
# Ad-hoc ping module against the `all` pattern, optionally narrowed by LIMIT.
ping: ## Ping all hosts
	ansible -i $(INVENTORY) all \
		-m ping \
		$(LIMIT_ARG)
# Ad-hoc setup module against the `all` pattern, optionally narrowed by LIMIT.
# The gathered facts are printed to the terminal.
facts: ## Gather and display facts
	ansible -i $(INVENTORY) all \
		-m setup \
		$(LIMIT_ARG)
# Two independent linters: ansible-lint over playbooks/ and roles/, then
# yamllint over the whole tree with the repository's .yamllint config. The
# second runs only if the first succeeds, because make stops at the first
# failing recipe line.
lint: ## Lint all playbooks and roles
	ansible-lint playbooks/ roles/
	yamllint -c .yamllint .
# Same playbook and narrowing as deploy, run with --check --diff.
# --diff prints the content that would change; where templates render secret
# values, that output contains them, so treat the log of this target as
# sensitive.
check: ## Dry-run deployment (check mode)
	ansible-playbook \
		-i $(INVENTORY) \
		playbooks/site.yml \
		$(EXTRA_ARGS) \
		--check --diff
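# Starts ansible-pull.service through the systemd module (with --become) on
# the hosts matched by LIMIT. LIMIT is mandatory here and is used as the host
# pattern itself. It is passed to the shell single-quoted with embedded quotes
# escaped, so $(...), backticks or a stray " in the value are not interpreted
# on the control node.
push: ## Trigger immediate update on remote hosts via SSH
	@if [ -z '$(subst ','\'',$(LIMIT))' ]; then \
		echo "ERROR: LIMIT required for push. Usage: make push LIMIT=<host>"; \
		exit 1; \
	fi
	ansible -i $(INVENTORY) '$(subst ','\'',$(LIMIT))' \
		-m ansible.builtin.systemd \
		-a "name=ansible-pull.service state=started" \
		--become \
		$(LABEL_ARG)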
# Opens the environment's vaulted secrets file for editing.
# NOTE(review): no --vault-password-file or --vault-id is passed, so the
# password source presumably comes from ansible.cfg, the environment or an
# interactive prompt -- confirm.
vault-edit: ## Edit vault secrets
	ansible-vault edit \
		inventory/$(ENV)/group_vars/all/secrets.yml
# Creates the environment's vaulted secrets file at
# inventory/<ENV>/group_vars/all/secrets.yml.
vault-create: ## Create new vault file
	ansible-vault create \
		inventory/$(ENV)/group_vars/all/secrets.yml
# Shows the decrypted secrets file. The plaintext goes to the terminal, so
# keep this target out of CI jobs and recorded or shared sessions.
vault-view: ## View decrypted vault secrets
	ansible-vault view \
		inventory/$(ENV)/group_vars/all/secrets.yml
# Re-encrypts the environment's secrets file under a new vault password. Only
# this one file is rekeyed; any other vaulted file keeps its old password.
vault-rekey: ## Change vault encryption password
	ansible-vault rekey \
		inventory/$(ENV)/group_vars/all/secrets.yml
# Parses the inventory with ansible-inventory and discards the listing; the
# confirmation line is printed only if that command exits successfully.
validate: ## Validate inventory syntax
	ansible-inventory -i $(INVENTORY) --list >/dev/null
	@echo "✓ Inventory valid"
# Syntax-checks playbooks/site.yml only; the other playbooks this Makefile
# runs (update.yml, maintenance/*.yml) are not covered by this target.
syntax: ## Check playbook syntax
	ansible-playbook \
		-i $(INVENTORY) \
		--syntax-check \
		playbooks/site.yml
# Prints the group/host tree of the selected environment's inventory.
graph: ## Show inventory group tree
	ansible-inventory \
		-i $(INVENTORY) \
		--graph
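# Lists one host name per line, taken from the _meta.hostvars keys of the
# inventory's JSON listing. The one-liner calls print() inside a list
# comprehension, which is Python 3 syntax, so it is run with python3 rather
# than a bare `python` that may be missing or resolve to Python 2.
hosts: ## List all managed hosts
	ansible-inventory -i $(INVENTORY) --list | \
		python3 -c "import sys,json; [print(h) for h in json.load(sys.stdin).get('_meta',{}).get('hostvars',{}).keys()]"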